Reflections on the 2017 Thales Data Threat Report

Reflections on the 2017 Thales Data Threat Report

Trends in Encryption and Data Security Include Major Implications for the IoT

Key Trends of the 2017 Thales Data Threat Report

The Global Edition of the 2017 Thales Data Threat Report featured a number of trends in the data set which are noteworthy for enterprises invested in the IoT, as well as cloud security. The 2017 report is based on a survey of over 1,100 security executives across the globe, and emphasizes the security impacts of advanced technologies, including cloud, big data, IoT, and containers.

“Cloud, big data, the Internet of Things (IoT), and increasingly, container technology, are all being actively embraced and collectively pack a potentially disruptive punch to the basic ground rules of venerable businesses. Nearly two-thirds (63%) of respondents admit that their organizations deploy these new information technologies prior to having appropriate data security measures in place.”

This year, enterprises globally are driven by the increase in cyberattacks, evolving privacy requirements, data residency regulations, and conventional insider threats. The pressure is on to find a way to safeguard data and reduce overall organizational exposure to data vulnerabilities.

A number of Thales’ findings stuck out to CSS, particularly those related to battling a lack of internal resources, as well as security implications of the IoT. Here are our thoughts:

Complexity and Lack of Skilled Staff

50% of respondents reported complexity as a top perceived barrier to adopting data security, while 35% said their greatest hurdle is a lack of staff to manage data security.

Being short-staffed when it comes to security experts is a pretty common challenge. The demand for cybersecurity experts is growing exceptionally quickly (four times more quickly than the IT jobs market, as reported by CIO from IDG). Supply isn’t keeping pace with demand, and it’s no secret as to why—the cybersecurity landscape is fast-paced and challenging in every industry.

Regardless of whether your security organization intends to expand your internal staff anytime soon, there are things you can do to get more bang for your buck and give some time back to your cybersecurity experts. Managing public key infrastructure (PKI) can be a considerably arduous, time-consuming task, depending on the number of digital certificates you’re managing. If you’re in search of a solution for making the most of your cybersecurity talent and offloading the more tedious obligations, CMS Sapphire is a viable solution for managed PKI.

CMS Sapphire allows you to keep the controls of your applications and Public Key Infrastructure (PKI) in-house, but transfer the day-to-day management responsibilities to CSS, ultimately helping to drive down costs while maintaining a secure environment in a world where new threats pop up every day.

Securing Cloud, Big Data, and the IoT

45% of organizations intend to store sensitive data in a big data environment, while 33% will store sensitive data within an IoT environment.

50% of participants reported no data privacy policy/agreement and custodianship of encryption keys as their top cloud security concerns.

Here are three areas that aren’t going anywhere anytime soon. Big data and IoT are on the rise and will continue to grow, and they go hand in hand. The Internet of Things (IoT) market and its exponential growth are bringing improvements and considerable revenue to almost every conceivable industry, but it’s also creating the need for better data security solutions, ASAP.

One possible solution for securing an IoT system is CMS VerdeTTo: a high assurance cloud-based IoT Identity Directory for the establishment of a Root of Trust, and the management of digital identities used in device authentication, data encryption, and execution of secure code. Remember, only a unique identifier (a device certificate) can ensure secure validation of a device, data, and code. A shared token or key, or plain-text passwords, cannot.

Concerns of Cloud Security Decline in Spite of High Use of Sensitive Data

A noteworthy decrease in security concerns with cloud providers occurred since last year’s study. Enterprises are increasingly realizing the benefits of cloud adoption, from operational efficiencies to cost effectiveness. Security is actually becoming an added benefit rather than a perceived potential risk.

“Data breaches at cloud service providers to date have been rare, and generally not serious. Most major cloud providers have larger staffs of highly trained security professionals than any enterprise, and their scalability and redundancy can provide protection from the kinds of DDOS attacks that can plague on-premises workloads Perhaps as a result of the recognition of these public cloud security realities, security concerns overall for public cloud are waning.”

Cloud security is progressively becoming less of a concern for cloud adopters as the use of cloud technology continues to proliferate. The decrease in cloud anxiety makes sense—it’s actually often a safer environment than can be achieved in-house, when working with a reputable provider.

In fact, the majority of technology solutions are offered via the cloud given the shift in preference, and CSS CMS solutions are no exception. We offer cloud versions of every certificate management solution we deliver:

The IoT continues to move at light speed. The benefits are undeniable: detailed insights into consumer behavior and improved product design and functionality, accelerated response to events, real-time transmission of applicable data, and improved overall operational efficiency. But IoT devices are manufactured faster than they can be secured, and are scarcely designed with security in mind. Slowly but surely, improvements are being made, but there’s a long way to go, and the current state of the IoT involves a considerable amount of security challenges and risks.

The best way to combat anxiety over the safety of sensitive data within an IoT system is to secure it. CMS VerdeTTo is a cloud-based IoT Identity Directory, and a robust solution for securing connected devices and objects.

Questions about the Data Threat Trends That Could Affect Your Business?

CSS is available to talk about the data security questions your IT organization is struggling with. Our PKI and digital certificates experts can work with you to identify your current security vulnerabilities and identify the best approach for relieving the pressure on your internal security staff or securing your IoT system.

If your security organization would like to learn more about how PKI can address your data security requirements, our experts are here for you. Contact us to talk about your needs.